Enhancing the Cyber Resilience of Sea Drones
Sea drones are unmanned vessels that operate on or below the water's surface. During the military conflict between the Russian Federation and Ukraine, the latter has demonstrated how to use sea drones to attack Russian targets efficiently. However, as Russia's defences against drone attack...
Saved in:
Published in | 2024 16th International Conference on Cyber Conflict: Over the Horizon (CyCon) pp. 83 - 102 |
---|---|
Main Authors | , , , |
Format | Conference Proceeding |
Language | English |
Published |
NATO CCDCOE
28.05.2024
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Sea drones are unmanned vessels that operate on or below the water's surface. During the military conflict between the Russian Federation and Ukraine, the latter has demonstrated how to use sea drones to attack Russian targets efficiently. However, as Russia's defences against drone attacks are continuously increasing, the cyber resilience of sea drones is becoming increasingly important. Technological developments in shipping have brought new cybersecurity challenges. This paper contributes to the knowledge on augmenting the cyber robustness of maritime autonomous surface-floating and subaqueous drones. Firstly, we aim to support manufacturers in building affordable sea drones that reduce the cyberattack surface of commercial drones. Secondly, we offer guidance for tactical military commanders on the potential cyber weaknesses in a sea drone's specific operational environments and its reliance on particular technologies. We propose eight distinctive threat categories for cyberattacks against autonomous vessels: attacks to disrupt radio frequency signals; attacks to deceive or degrade sensors; attacks to intercept or modify communications; attacks on operational technology systems; attacks on information technology systems; attacks on artificial intelligence (AI) used for autonomous operations; attacks through supply chains; and attacks through physical access. We use the STRIDE (spoofing, tampering, repudiation, denial of service, elevation of privilege) [1] methodology in the context of each threat scenario, formulate mitigation measures to reduce the risk for each category, and link methods of cyberattack to each category. |
---|---|
ISSN: | 2325-5374 |
DOI: | 10.23919/CyCon62501.2024.10685581 |